Closed CamilleHbp closed 1 year ago
You should eval $(op signin --account FOO)
before running chezmoi
.
Doesn't it make it impossible to run sh -c "$(curl -fsLS get.chezmoi.io)" -- init --apply ${MY_DOTFILES_REPO}
and have a nice setup on a brand new machine? Because it means I have to manually install a bunch of stuff before running chezmoi
, and it defeats the purpose.
Or did I misunderstand something?
Example:
I could install the 1password
app and use it to connect the CLI. But that would mean that I need to install Homebrew
myself on the machine, since I use it to manage most of my apps. And that defeats the purpose of using chezmoi
for me. :S Unless that's not the purpose of chezmoi
and I should use another tool?
So… Chezmoi can try to log into 1Password automatically (you don’t have the setting which disables the login prompt, that I can see), but when executing it cannot inherit the environment of a child process, which is what you’re doing when you call eval $(op signin account --FOO)
inside of a script.
I’m not entirely sure why the 1Password integration can’t see the account after the initial SETUP
phase (.chezmoiscripts/run_after_onchange_10-configure-1password.sh.tmpl:45-49
), and that’s something that will take some debugging which I don’t have time to do until the 29th or so.
Chezmoi is definitely a multipurpose too, and you can use it to install many things (and I do), but I have recently started installing 1Password (both CLI and desktop) directly rather than with Homebrew or Macports, although I install quite a few other things with Homebrew and Macports using Chezmoi scripts.
Okay, I'll be waiting gladly for some more info on this :) If you need some actions from me, when you have the time to debug, don't hesitate to ask me!
In the meantime, I've solved the issue by not using eval $(op signin)
at all. This causes chezmoi
to automatically prompt for the password when using the template function, and incidentally solves my issue. 🤷 Works for me, but I'm still interested in helping investigate. 😆 Signed, David Goodenough.
I think that I have a suggestion, but you’ll need to do tell 1Password to forget
your account. Then try something like this in your template:
{{ $domain := printf "%s.1password.com" .op_domain }}
{{ $email := quote .op_email }}
{{ $secret := quote .op_secret }}
{{ $result := (output "op" "account" "add" "--address" $domain "--email" $email "--secret-key" $secret) }}
I don’t know how well it will work, but if that runs before onepasswordDetailsFields
, then the account should be added by time that onepasswordDetailsFields
runs. If this does work, then it may be worth considering a no-output exec function for cases like this.
onepasswordDetailsFields
will work perfectly if 1Password already knows about the account. It won’t work at all if it doesn’t.
I've told 1password-cli
to forget the account and I've run my script again, using op account add --address {{ .op_subdomain }}.1password.com --email {{ .op_email | quote }} --secret-key {{ .op_secret | quote }}
as before, and as long as I don't call eval $(op signin)
before, everything works fine.
Weird. I don’t even have any ideas on how to investigate that part.
I'll try to find a way to set it up on a new machine someday and check that. I'm sorry I can't be more useful :S
Not a problem. I’m glad that we have this working, but I think that it was a bit of a race condition where the op account add…
wasn’t executing before eval $(op signin)
was, but I believe that the issue is entirely external to chezmoi except in that how you were setting things up was run by chezmoi.
If you manage to get this reproduced, please feel free to reopen this issue or file a new one.
Describe the bug
When using the
onepasswordDetailsFields
template functions, 1password-cli tells me I'm not signed in, though I am.It seems that the command is run when evaluated and fails before I can even prompt the user to sign in. I have tried to sign in in a script run before the one calling the template function, and it still tell me I am not signed in.
To reproduce
EDIT: I have tried to setup a minimal repo that fails on my machine on a new branch fix/1password.
Use
op signin
thenonepasswordDetailsFields
function in a script.I've tried attribution the value to a template variable with a
with
go template, but it doesn't change the result.Expected behaviour
User should be allowed to sign in and the template function should run without problems.
Output of command with the
--verbose
flagOutput of
chezmoi doctor
Additional context
I've tried to be as specific as I could, but it might be a messy report. Is there a way to easily set a chezmoi minimal repo to repoduce the error, without affecting my config? Thanks! :)